Analysis of the 2007 Cyber Attacks against Estonia from the Information Warfare Perspective

Authors:

Files:

Following the relocation of a Soviet-era statue in Tallinn in April of 2007, Estonia fell under
a politically motivated cyber attack campaign lasting twenty-two days. Perhaps the best known attacks
were distributed denial of service attacks, resulting in temporary degradation or loss of service on
many commercial and government servers. While most of the attacks targeted non-critical services
like public websites and e-mail, others concentrated on more vital targets, such as online banking and
DNS. At the time of this writing – more than six months after the cyber attacks – no organization or
group has claimed responsibility for the cyber attacks, although some individuals have been linked
with carrying them out.

This paper will argue that the key to understanding the cyber attacks that took place against Estonia
in 2007 lies with the analysis of an abundance of circumstantial evidence that ran parallel to the cyber
attacks. These consisted of political, economic and information attacks on Estonia, as well as isolated
cases of physical violence. Clear political signatures were even detected in the malicious network
traffic. All told, it is clear that the cyber attacks were linked with the overall political conflict between
Estonia and Russia.

While some analysts have considered last year’s events in Estonia an international, grass roots,
display of public opinion, there are some direct and many indirect indications of state support behind
what can be best described as an information operation. By information operation, the author means
the use of information and information technology to affect the decisions and actions of an opponent.
The paper will give an overview of the major events and provide an analysis of the attacks from the
information warfare perspective. The paper will also discuss some of the potential problems with using
the Internet as a field of battle by lone hackers, terrorist groups and states. To a minor degree, the
paper will also cover the difficulties associated with investigating and analyzing international cyber
attacks. The objective of this paper is not to implicate a specific organization or entity, but to provide a
wider view to the cyber attacks that were carried out against Estonia in the spring of 2007.

Published in: Proceedings of the 7th European Conference on Information Warfare and Security, Plymouth, 2008.